# Nreki > MCP plugin that intercepts AI agent edits in RAM, validates them (TypeScript compiler + gopls + pyright), auto-heals missing imports, and commits atomically. If anything breaks, disk stays untouched - **URL**: https://www.freshcrate.ai/projects/Nreki - **Author**: Ruso-0 - **Category**: MCP Servers - **Latest version**: `v11.4.2` (2026-05-20) - **License**: Apache-2.0 - **Source**: https://github.com/Ruso-0/Nreki - **Language**: TypeScript - **GitHub**: 10 stars, 1 forks - **Registry**: github - **Tags**: `acid-transactions`, `ai-code-review`, `ai-safety`, `auto-healing`, `claude-code`, `code-safety`, `gopls`, `lsp`, `mcp`, `typescript` ## Description MCP plugin that intercepts AI agent edits in RAM, validates them (TypeScript compiler + gopls + pyright), auto-heals missing imports, and commits atomically. If anything breaks, disk stays untouched. 712 tests. Zero cloud. ## Recent releases | Version | Date | Urgency | Changes | | --- | --- | --- | --- | | `v11.4.2` | 2026-05-20 | High | ## Summary Closes the user-feedback gaps from v11.4.1. Two genuine EISDIR crashes (`set_plan`, `engram`) and two UX gaps (`outline` silent-fail, `search` "no results" asymmetry) reproduced empirically against the installed v11.4.1 binary and fixed. ## Why User reported four limitations after using v11.4.1 in production: 1. `compress` on a directory crashes with EISDIR 2. Pre-existing TS1259/TS2802 errors block unrelated edits 3. `outline` returns misleading "no symbols found" message on a | | `v11.2.0` | 2026-05-18 | High | ## Added - **Hybrid Runtime Integration**: New `nreki_navigate action="hybrid_search"` exposes the Type Ledger semantic + BM25 lexical fusion (RRF) documented in the Phase 5 paper to the production MCP runtime. Previously only reachable via eval scripts. - **`src/bm25-engine.ts`**: BM25 lexical retrieval migrated from `scripts/eval-phase5/runners/bm25-runner.ts`. Standard Okapi (k1=1.5, b=0.75); code-aware tokenization (PascalCase / snake_case / camelCase decomposition, 2-char minimum). Lazy in- | | `v10.5.1` | 2026-04-15 | High | ## 10.5.1 (2026-04-15) — Dynamic Risk Expansion ### Changed - **`handleOutline` auto-expand es ahora dinámico (knapsack):** en lugar de los 3 símbolos HIGH-risk más grandes fijos, expande todos los que quepan en un presupuesto de 6,000 tokens. Nuevo umbral de tamaño por símbolo sube de 100 a 150 líneas. - **Warning `[BUDGET LIMIT REACHED]`** con lista de los primeros 8 símbolos omitidos y comando `nreki_code action:"compress" focus:"..."` listo para copiar. - **Orden de expansión** dentro del o | | `v10.5.0` | 2026-04-15 | High | ## 10.5.0 (2026-04-15) — Pre-Launch Security Hardening ### Security (Critical) - **RCE blocklist expansion (path-jail):** `.claude/hooks/`, `.claude/settings*.json` (covers `settings.json` + `settings.local.json`), and `.mcp.json` are now blocked. Closes PreToolUse hook injection and rogue MCP server injection vectors. - **SQL injection fix:** `NrekiDB.getEngramsForFile` migrated from string interpolation to parameterized prepared statement. - **Prototype pollution guards:** `chronos-memory.ts` | | `v10.2.0` | 2026-04-14 | High | ## Triage v2 — SAST radar with cleanCode pre-pass `computeTriageRisk` now pre-strips comments, strings, and template literals before any regex analysis, eliminating false positives from keywords buried inside literals. Adds three new risk signals tuned for trading/finance codebases. ### New signals - **cleanCode pre-pass** — strips `/* */`, `//…`, and string/template literals before analysis - **Domain keywords (+2)** — `pnl, price, volume, amount, balance, margin, risk, vwap, liquidation, dra | | `master@2026-04-14` | 2026-04-14 | High | Latest activity on master branch | | `v8.0.2` | 2026-04-11 | High | Latest release: v8.0.2 | ## Citation - HTML: https://www.freshcrate.ai/projects/Nreki - Markdown: https://www.freshcrate.ai/projects/Nreki.md - Dependencies JSON: https://www.freshcrate.ai/api/projects/Nreki/deps _Generated by freshcrate.ai. Indexes github releases for AI-agent ecosystem packages._